Your message dated Sun, 19 Nov 2017 00:58:56 +0000 with message-id <e1egdwm-0009ee...@fasolo.debian.org> and subject line Bug#877332: Removed package(s) from unstable has caused the Debian Bug report #876674, regarding p3scan: CVE-2017-14681 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 876674: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876674 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: p3scan X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, the following vulnerability was published for p3scan. CVE-2017-14681[0]: | The daemon in P3Scan 3.0_rc1 and earlier creates a p3scan.pid file | after dropping privileges to a non-root account, which might allow | local users to kill arbitrary processes by leveraging access to this | non-root account for p3scan.pid modification before a root script | executes a "kill `cat /pathname/p3scan.pid`" command, as demonstrated | by etc/init.d/p3scan. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-14681 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14681 Please adjust the affected versions in the BTS as needed. Regards, Markussignature.asc
Description: OpenPGP digital signature
--- End Message ---
--- Begin Message ---Version: 2:2.3.2-8.1+rm Dear submitter, as the package p3scan has just been removed from the Debian archive unstable we hereby close the associated bug reports. We are sorry that we couldn't deal with your issue properly. For details on the removal, please see https://bugs.debian.org/877332 The version of this package that was in Debian prior to this removal can still be found using http://snapshot.debian.org/. This message was generated automatically; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org. Debian distribution maintenance software pp. Scott Kitterman (the ftpmaster behind the curtain)
--- End Message ---